Overview

overview

10

Static

static

10

DOCUMENTO_...ES.rar

windows7-x64

3

DOCUMENTO_...ES.rar

windows10-2004-x64

3

DOCUMENTO_...ES.exe

windows7-x64

10

DOCUMENTO_...ES.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf.rar

  • Size

    359KB

  • Sample

    231205-rvrthabe81

  • MD5

    aeff13ad45fc317d5b4ecb6cf19f6b9c

  • SHA1

    b21a0b932f17c4e111d333682d3f750199beb584

  • SHA256

    00fd2efe7e59af1a6d9909bd4acfd7e08a3f5be6f2eb2c711afd12645e8e6abb

  • SHA512

    ae8a1cc8dcf1ff9cc0851e7c29fade369a84b43372b7f32188f1d49f9ecb773b4605fc6a129bac6890da1046d8976ebff7df0607aae4c5401046f76dec0271c4

  • SSDEEP

    6144:u/9v/FFgh/rrNf1DlzpSzFqtKHd4NMTj/KuUvU0OwZYqPHLSSaJbK9ZGVZICGgnV:kCj59DJpmqtS42TrsOwuSaJWDGV4bA

Score
10/10
asyncratpurelogszgratpersistenceratstealer

Malware Config

Targets

    • Target

      DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf.rar

    • Size

      359KB

    • MD5

      aeff13ad45fc317d5b4ecb6cf19f6b9c

    • SHA1

      b21a0b932f17c4e111d333682d3f750199beb584

    • SHA256

      00fd2efe7e59af1a6d9909bd4acfd7e08a3f5be6f2eb2c711afd12645e8e6abb

    • SHA512

      ae8a1cc8dcf1ff9cc0851e7c29fade369a84b43372b7f32188f1d49f9ecb773b4605fc6a129bac6890da1046d8976ebff7df0607aae4c5401046f76dec0271c4

    • SSDEEP

      6144:u/9v/FFgh/rrNf1DlzpSzFqtKHd4NMTj/KuUvU0OwZYqPHLSSaJbK9ZGVZICGgnV:kCj59DJpmqtS42TrsOwuSaJWDGV4bA

    Score
    3/10
    behavioral1behavioral2

    • Target

      DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf.exe

    • Size

      636KB

    • MD5

      f4e6aa4825c73359afc52772141b9ba0

    • SHA1

      0e1cb4c1892e31dcd8969619258e80eef17193b4

    • SHA256

      7491fe50fef18bbe9d219ef65e449723f0606f447283c744e03ace013c936099

    • SHA512

      98f93c31fa813bf4fbafdd58a0b179d744f782a86be5628a464b66fa8119be9fe8969034b38bcf7460afba29d3ec5eb594892f36674d0e3d4780e05cefebbdde

    • SSDEEP

      12288:eBjETYUIkLlp2arppSA0ckNMp3S/9aRCdd:9TYUIklpZPGypu9bdd

    Score
    10/10
    asyncratpurelogszgratpersistenceratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Detect PureLogs payload

    • Detect ZGRat V1

    • PureLogs

      PureLogs is an infostealer written in C#.

      stealerpurelogs

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks